Blog Posts Tagged with "Tools"

Network analysis has never been easier. Power Pwn, which looks like a surge protector, can be controled remotely via Wi-Fi, Bluetooth, and Ethernet as it searches for network weaknesses. It’s fully manageable via a Web interface accessible through the unit's 3G radio or directly to the device via text message...

No matter how many times it's warned against, most Security professionals use themselves and their contemporaries as the basis for what's "right". And as security becomes higher profile with more incidents it really starts looking like instead of having cynical contempt for the users, it's more like plain excuses...

It's real simple, first we've gotta add the GetTcpTable function to Railgun, then gauge the size of the table, then it's all just parsing the result. Also pretty straight forward. First we get the number of entries which is held in the first 4 bytes, then just parse the MIB_TCPTABLE one MIB_TCPROW...

DEUCE went from simple concept to a multi-encoding and encryption DLP bypass tool. The program simply takes an input file and creates a cookie for each line. DEUCE has the ability to encrypt via AES, hash with MD5 or use a custom multi-encode with a 3 times replacement cipher...

“The new Cybersecurity Self-Evaluation Survey Tool for utilities is vitally important in today’s environment where new cyber threats continue to emerge. Adoption by the electric sector will further protect critical infrastructure and... provide an invaluable view of the industry’s cybersecurity capabilities.”

There hasn't been any independent methodology for evaluating web application vulnerability scanners in a while. The following is a comprehensive guide for choosing the best scanner based on conclusions from the 2012 benchmark study - a comparison of 10 crucial aspects of 60 web application vulnerability scanners...

I was messing with the Windows service binaries in Metasploit and I noticed something. For the PSEXEC module, the service name (actually just the display name, 'service name' is random) always started with an uppercase 'M'. Curious to why that was I looked and found Line 246 of the PSEXEC module to be the culprit...

Sometimes the wrong people get the code and use it maliciously. It is in the nation’s best interest to keep the power infrastructure safe and keep meters fool proof, but it depends on how effective a tool is to be able to effectively manipulate the technology to an individual’s own financial advantage...

Since October, 2010, Shodan has consistently made waves in the information security world. Like any security tool, Shodan can be leveraged by both malicious attackers and legitimate security operations to gain insights into the public IP exposure of an organization. Now enters the Shodan App...

Honeypots are simple technology intended to be compromised. There is little or no production traffic going to or from the device, so any time a connection is sent it is most likely a probe, scan, or an attack. Any time a connection is initiated from the honeypot, this most likely means it was compromised...

Security researchers have been using the Teensy for HID attacks. Which really is the way to go if that’s all you want to do. However, if you are like me you want to do other things as well you need something bigger. Enter the Arduino Leonardo board which supports emulating a Human Interface Device out of the box...

We have mentioned before that Twitter will send every tweet to the National Archives and the Library of Congress, so watch what you tweet. Now new tools unleash a trove of data in moments. For the 140 million and growing user base that tweets over 400 million tweets per day, this might be a little more than alarming...

A skilled attacker may be able to determine you are using a VPN to connect to Tor by fingerprinting traffic streams. Tor traffic is padded to 512 byte size packets, normal VPN traffic is not. By filtering for 512 byte streams, an attacker can determine who all is using Tor in a given area...

Cybercrime is operating as an enterprise, with tools offered for the coordination of cyber attacks such as spamming of malware, malware hosting, and for building command and control infrastructure for botnets. The latest service is called CapFire4, and it’s a good example of malware-as-a-service...

“Run a scanner by it” still appears in so many articles – it's still very much part of the furniture. Software suites are built on the use of automated unauthenticated scanning – in some cases taking an open source scanning engine, wrapping a nice GUI around it, and slapping a 25K USD price tag on it...

A lot of telephones and communication devices now use VoIP to communicate over the internet. I was wondering how hard it would be to listen to a VoIP phone call if you had a packet capture that included the call. Well, come to find out, it is not hard at all. The feature is built into Wireshark - here's how...